# Report 2019-09

## News

 - [Google accused of secretly feeding personal data to advertisers](https://www.irishtimes.com/business/technology/google-accused-of-secretly-feeding-personal-data-to-advertisers-1.4007629)
 - [Your mental health for sale](https://privacyintyqcroe.onion/campaigns/your-mental-health-sale)
 - [When Apps Get Your Medical Data, Your Privacy May Go With It](https://www.nytimes.com/2019/09/03/technology/smartphone-medical-records.html)
 - [Delhi airport T3 begins trial of facial recognition tech today](https://www.thehindubusinessline.com/economy/delhi-airport-t3-begins-trial-of-facial-recognition-tech-today/article29342234.ece)
 - [Beware the GHOST Protocol](https://www.privateinternetaccess.com/blog/2019/09/beware-the-ghost-protocol/)
 - [DMVs Are Selling Your Data to Private Investigators](https://www.vice.com/en_us/article/43kxzq/dmvs-selling-data-private-investigators-making-millions-of-dollars)
 - [Facebook's Dating Service is Full of Red Flags](https://www.eff.org/deeplinks/2019/09/facebooks-dating-service-full-red-flags)
 - [No Body's Business But Mine: How Menstruation Apps Are Sharing Your Data](https://www.privacyinternational.org/long-read/3196/no-bodys-business-mine-how-menstruation-apps-are-sharing-your-data)
 - [Unencrypted patient medical information broadcast across Vancouver](https://openprivacy.ca/blog/2019/09/09/open-privacy-discovers-vancouver-patient-medical-data-breach/)
 - [Google collects face data now. Here's what it means and how to opt out](https://www.cnet.com/how-to/google-collects-face-data-now-what-it-means-and-how-to-opt-out/)
 - [HP printers try to send data back to HP about your devices and what you print](https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/)
 - [Medical images and health data, including X-rays, MRIs, and CT scans, with names and birthdates, from 16M scans worldwide are available unprotected online](https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet)
 - [Bulk surveillance is unlawful, says the High Court of South Africa](https://privacyintyqcroe.onion/news-analysis/3212/bulk-surveillance-unlawful-says-high-court-south-africa)
 - [This Company Built a Private Surveillance Network. We Tracked Someone With It](https://www.vice.com/en_us/article/ne879z/i-tracked-someone-with-license-plate-readers-drn)
 - [Big Tech’s Disingenuous Push for a Federal Privacy Law](https://www.eff.org/deeplinks/2019/09/big-techs-disingenuous-push-federal-privacy-law)
 - [Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices](https://freedom-to-tinker.com/2019/09/18/watching-you-watch-the-tracking-ecosystem-of-over-the-top-tv-streaming-devices/)
 - [India Is Planning a Huge China-Style Facial Recognition Program](https://www.bloomberg.com/news/articles/2019-09-19/india-seeks-to-adopt-china-style-facial-recognition-in-policing)
 - [New surveillance tech means you'll never be anonymous again](https://www.wired.co.uk/article/surveillance-technology-biometrics)
 - [Channel 4 to use Sky’s AdSmart technology to deliver fully-targeted, addressable ads across Channel 4 Sales’ linear channels for the first time](https://www.channel4.com/press/news/sky-and-channel-4-broaden-industry-leading-partnership)
 - [China's new 'super camera' can instantly pinpoint specific targets among tens of thousands of people](https://www.abc.net.au/news/2019-09-26/chinas-new-500-megapixel-super-camera/11539176)
 - [Vimeo collected detailed facial scans without consent, lawsuit alleges](https://arstechnica.com/tech-policy/2019/09/vimeo-sued-for-allegedly-collecting-facial-biometrics-without-consent/)
 - [Plan for massive facial recognition database sparks privacy concerns](https://www.theguardian.com/technology/2019/sep/29/plan-for-massive-facial-recognition-database-sparks-privacy-concerns)

## Data Breaches

 - [Teletext Holidays a) exists and b) left 200k customer call recordings exposed in S3 bucket](https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/)
 - [Hackers Breach Forum Of Popular Webcomic ‘XKCD’](https://www.vice.com/en_us/article/vb5v7d/xkcd-forum-data-breach?)
 - [A huge database of Facebook users’ phone numbers found online](https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/)
 - [Monster.com says a third party exposed user data but didn’t tell anyone](https://techcrunch.com/2019/09/05/monster-exposed-user-data-years/)
 - [Report: Ecuadorian Breach Reveals Sensitive Personal Data](https://www.vpnmentor.com/blog/report-ecuador-leak/)
 - [Data of 24.3 million Lumin PDF users shared on hacking forum](https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/)
 - [DoorDash confirms a data breach on May 4 affecting 4.9M customers, workers, and merchants, with last-four digits of payment cards, driver's license info stolen](https://techcrunch.com/2019/09/26/doordash-data-breach/)
 - [Hackers stole customer credit cards in Newegg data breach](https://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/)
 - [Zynga game data breach](https://securityaffairs.co/wordpress/91850/data-breach/zynga-game-data-breach.html)

## Papers

 - [Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach (IMC 19)](https://moniotrlab.ccis.neu.edu/imc19/)
 - [Tracking Ecosystem of Over-the-Top TV Streaming Devices](https://tv-watches-you.princeton.edu/)
 - [(Un)informed Consent: Studying GDPR Consent Notices in the Field](https://arxiv.org/abs/1909.02638v1)
